Charles Lowell
Charles Lowell
Related: #17386 (MSAL requires a tenant validation solution to support ADFS)
It's our own invention. MSAL doesn't have a similar allow list because its multitenant API is always explicit.
> Should our API be explicit too (it's what we did in track 1)? We can't (well, not without major surgery) make the tenant explicit to the developer in every...
Retargeted this to a feature branch so we can review and merge it without interfering with other features entering `main`.
Blocked on https://github.com/AzureAD/microsoft-authentication-library-for-go/issues/239
We plan to ship azidentity with built-in workload identity support in early January. In the meantime, [my code above](https://github.com/Azure/azure-sdk-for-go/issues/15615#issuecomment-1211012677) works with v1.2.0, currently available as a beta; stable v1.2.0 will...
No problem, questions are welcome. It will be a beta release in January. I might be able to get a first beta out in December, depending on how vacations align.
What you describe sounds like reasonable default behavior to me but custom transports should still have full control over HTTP requests. It's okay for MSAL to set headers before handing...
This support is available now: with azidentity v1.3.0-beta.3 and azcore v1.4.0-beta.1, credentials default to sending CP1 and ARM clients internally handle claims challenges.
Closed by #19872, which we included in azidentity v1.3.0-beta.3